CVE-2019-11543

EPSS 0.18%
Published 26.04.2019 02:29:00
Last modified 21.11.2024 04:21:18
Source cve@mitre.org
Teams watchlist Login
Open Login

XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1.

Affected products Warnungen 0 Metrics 4 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Ivanti ≫ Connect Secure Version8.1

Ivanti ≫ Connect Secure Version8.3

Pulsesecure ≫ Pulse Connect Secure Version8.1r1.0

Pulsesecure ≫ Pulse Connect Secure Version8.1rx

Pulsesecure ≫ Pulse Connect Secure Version8.3rx

Pulsesecure ≫ Pulse Connect Secure Version9.0r1

Pulsesecure ≫ Pulse Connect Secure Version9.0r2

Pulsesecure ≫ Pulse Connect Secure Version9.0r2.1

Pulsesecure ≫ Pulse Connect Secure Version9.0r3

Pulsesecure ≫ Pulse Connect Secure Version9.0r3.1

Pulsesecure ≫ Pulse Connect Secure Version9.0r3.2

Pulsesecure ≫ Pulse Connect Secure Version9.0rx

Pulsesecure ≫ Pulse Policy Secure Version5.2r1.0

Pulsesecure ≫ Pulse Policy Secure Version5.2r2.0

Pulsesecure ≫ Pulse Policy Secure Version5.2r3.0

Pulsesecure ≫ Pulse Policy Secure Version5.2r3.2

Pulsesecure ≫ Pulse Policy Secure Version5.2r4.0

Pulsesecure ≫ Pulse Policy Secure Version5.2r5.0

Pulsesecure ≫ Pulse Policy Secure Version5.2r6.0

Pulsesecure ≫ Pulse Policy Secure Version5.2r7.0

Pulsesecure ≫ Pulse Policy Secure Version5.2r7.1

Pulsesecure ≫ Pulse Policy Secure Version5.2r8.0

Pulsesecure ≫ Pulse Policy Secure Version5.2r9.0

Pulsesecure ≫ Pulse Policy Secure Version5.2r9.1

Pulsesecure ≫ Pulse Policy Secure Version5.2r10.0

Pulsesecure ≫ Pulse Policy Secure Version5.2r11.0

Pulsesecure ≫ Pulse Policy Secure Version5.2rx

Pulsesecure ≫ Pulse Policy Secure Version5.4r1

Pulsesecure ≫ Pulse Policy Secure Version5.4r2

Pulsesecure ≫ Pulse Policy Secure Version5.4r2.1

Pulsesecure ≫ Pulse Policy Secure Version5.4r3

Pulsesecure ≫ Pulse Policy Secure Version5.4r4

Pulsesecure ≫ Pulse Policy Secure Version5.4r5

Pulsesecure ≫ Pulse Policy Secure Version5.4r5.2

Pulsesecure ≫ Pulse Policy Secure Version5.4r6

Pulsesecure ≫ Pulse Policy Secure Version5.4r6.1

Pulsesecure ≫ Pulse Policy Secure Version5.4r7

Pulsesecure ≫ Pulse Policy Secure Version5.4rx

Pulsesecure ≫ Pulse Policy Secure Version9.0r1

Pulsesecure ≫ Pulse Policy Secure Version9.0r2

Pulsesecure ≫ Pulse Policy Secure Version9.0r2.1

Pulsesecure ≫ Pulse Policy Secure Version9.0r3

Pulsesecure ≫ Pulse Policy Secure Version9.0r3.1

Pulsesecure ≫ Pulse Policy Secure Version9.0rx

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.18%	0.398

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N
cve@mitre.org	8.3	1.6	6	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101

Vendor Advisory

http://www.securityfocus.com/bid/108073

Third Party Advisory

Broken Link

VDB Entry

https://www.kb.cert.org/vuls/id/927237

Third Party Advisory

US Government Resource

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-11543

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-11543

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-11543

EUVD